Forum Discussion

Nimbostratus

Jan 29, 2015

Bare byte decoding and French characters

Currently, our ASM policies are configured with bare byte decoding check activated. However, this poses problems, as some of our legitimate French pages are flagged with this error. Specifically, it complains about vowels with accents (like à ) which are not part of the ASCII character set (the policy is UTF-8)

Is there a way I can prevent these errors appearing in our logs without deactivating the bare byte decoding check? Like a whitelist of characters?

ASM Advanced WAF

management

security

11 Replies

nathe
Cirrocumulus
Jan 29, 2015
Not sure how granular you can be with Evasion Techniques, not very I believe.

Do you get learning suggestions? Is it triggered on a parameter value? I wonder if you can create an explicit parameter and uncheck "check characters on this parameter value"?

Other option (more complicated I know) is do traffic classification (via http class or local traffic policy dependant on your TMOS version) and divert the french pages, say /france, to a different security policy configured as Western European.

Not sure if you want to allow the violation on the specific entity/page or just stop it from being logged? Not sure if you can stop it being logged.

Hope this is some help,

N

Forum Discussion

Bare byte decoding and French characters

11 Replies

Recent Discussions

Find GSLB pool membership from vip IP

Pool Members communication with B-party via F5 VIP

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Related Content

Decoding the IPv4 address from the persistence cookie

Decoding PCI-DSS v4.0: F5's Ridiculously Easy Guide to Technical Compliance

Allow French characters on ASM

Fully Decode URI

Decode BIG-IP performance files